Examples

Note that the module runs as the web server user, so the PAM modules used must
be able to authenticate the users without being root; that means that if you
want to use the pam_unix.so module to autenticate users you need to let the
web server user to read the /etc/shadow file if that does not scare you (on
Debian like systems you can add the www-data user to the shadow group).

As an example, to authenticate users against an LDAP server (using the
pam_ldap.so module) you will use an /etc/pam.d/nginx like the following:

If you also want to limit the users from LDAP that can authenticate you can
use the pam_listfile.so module; to limit who can access resources under
/restricted add the following to the nginx.conf file: